Report Claims 34,000 Ethereum Smart Contracts Are Vulnerable to Bugs

Over 34,000 ethereum smart contracts containing $4.4 million in ETH may be vulnerable to exploitation. That’s the conclusion reached by a quintet of researchers hailing from Singapore and the UK. Their technical report, which is currently undergoing peer review, suggests that millions of dollars in ether may be at risk from poorly coded smart contracts that contain a variety of bugs.

Smart Contracts Are Only as Smart as Their Creator

“Finding The Greedy, Prodigal, and Suicidal Contracts at Scale” is the provocative title of a research paper submitted by British and Singaporean students last week. Its authors have dived deep into ethereum smart contracts, “finding contracts that either lock funds indefinitely, leak them carelessly to arbitrary users, or can be killed by anyone”. This latter flaw is precisely what happened to Parity last November.

The dangers of relying on smart contracts that have not been independently audited are well-documented. In the past year, $500 million has been lost due to bad code, and around half of that figure involved ethereum. The most notorious case was the Parity bug which led to $168 million of ether being rendered permanently inaccessible, though there have been plenty of smaller incidents where inexperienced or inattentive developers have been caught out.

A Small Drop in a Big Ocean

The authors of the report claim to have used a tool to analyze almost one million smart contracts, of which 34,200 were found to be vulnerable, with 2,365 of these stemming from distinct projects. That means that around 3.4% of all smart contracts are potentially vulnerable to being hacked, broken, or otherwise exploited. Of the contracts that the research team flagged as being exploitable, “the maximal amount of Ether that could have been withdrawn…is nearly 4,905 Ether” worth $4.4 million.

The report continues: “In addition, 6,239 Ether (7.5 million US dollars) is locked inside posthumous contracts currently on the blockchain, of which 313 Ether (379,940 US dollars) have been sent to dead contracts after they have been killed.” One thing the report deliberately omits is the identity of the smart contracts flagged as being at risk. But with almost 1 in 20 contracts vulnerable, and a jackpot of over $4.5 million in ether up for grabs, determined attackers have every incentive to put this research to the test.

United Bitcoin May Be the Most Controversial Fork to Date 2018

Back on December 12 the well-known developer Jeff Garzik launched a Bitcoin Core (BTC) based fork called United Bitcoin (UBTC) after Segwit2x failed. At block height 498,777 the snapshot took place, and the UBTC network began just like the rest of the forks in existence, but claiming the tokens is far more complicated than one would think.

The Promises of United Bitcoin

A few months ago we reported on the UBTC project created by Jeff Garzik, his partner at the blockchain company Bloq, chairman Matthew Roszak, and Bitbank Group’s Songxiu Hua. The team says it plans to create a credit currency system pegged against various fiat currencies alongside a native smart contract feature. The entire network is modeled after the bitcoin core blockchain prior to December 12, and all active wallet holders are able to receive UBTC at a 1:1 rate. The catch is that inactive wallets will go towards the UB Foundation to support innovative blockchain development.

Over the past few weeks, the UBTC team has made some videos detailing the project’s goal of being a serious cryptocurrency contender. One particular documentary shows Garzik describing why he thinks UBTC can be a digital asset that engages and unites with the entire cryptocurrency ecosystem. “If I could start with a clean slate what technologies would I include?” Garzik asks an audience during the video. Matthew Roszak says that United Bitcoin will encompass three really important pieces: technology, community, and tokenomics, by relying on cross-industry innovation.

One Out of Only Two Miners Controls 70% of the Network’s Hashrate

So far the network has minimal infrastructure and community support. At the time of publication, there are only two miners processing UBTC blocks: an unknown entity and the mining pool BW.com. The mining pool BW.com has more than 70 percent of the network’s hashrate. The network’s total hashrate is only 50,811.47 TH/s, and block intervals can range from an hour and a half to occasional sporadic 20-40 minute blocks. The network has an extremely low number of users, as there are only 20 pending transactions right now. Blocks are averaging roughly 20-100 transactions, and most block sizes are well below 1MB even though UBTC has the capacity for 8MB blocks.

UBTC has its own full node wallet client for Linux, Windows, and Macintosh operating systems, and the source code is available for review. According to the distribution repository, there will also be a lightweight client release soon. There are three other wallets that support the UBTC protocol. As for exchanges, most of them are based in Asia, and the great majority of them are unknown and see very little trade volume, apart from the exchange Okex. At the moment, according to Coinmarketcap statistics, one UBTC is worth $82 USD.

Required Identity Verification and Claiming Inactive Addresses: United Bitcoin Is the Most Controversial Fork to Date

The most controversial part of the project is the opt-in airdrop feature which basically means a bitcoin holder must give up some form of identification to obtain UBTC. In order to even get started with UBTC, a user must supply a valid email address and a mobile phone number. After this process, the registrant has to have a valid bitcoin address as well to receive the 1:1 distribution. Another contentious issue with UBTC is the Foundation’s claiming of “unused addresses” which means after a period of time inactive addresses will be used for future development. At the moment the team has added a “grace period” which has extended the timeframe so bitcoin holders can claim their UBTC.

The ‘KYC-like’ requirements, and the fact that the development team will claim the inactive addresses of Satoshi Nakamoto and of many whales, make UBTC one of the most vexed bitcoin forks to date. With these two contentious issues, plus the fact that the network has very little infrastructure, the project may have a hard time gaining the crypto-community it hopes for.

Google Search Volume for Bitcoin Keywords Increased by as Much as 1000% During 2017

Following bitcoin’s incredible performance and increased media coverage during 2017, there is no doubt that bitcoin has witnessed increased user adoption. Estimates regarding the scale of bitcoin’s growth vary due to the anonymous nature of bitcoin transactions; however, search engine traffic for terms such as ‘bitcoin’ is generally seen as a reliable indicator of the growth in bitcoin’s user adoption. The most recent figures made available by Google indicate an increase in searches for prominent keywords relating to bitcoin of many hundreds of percent when comparing data from 2016 and 2017, whilst bitcoin became the ninth most visited page on Wikipedia during last year – indicating a significant increase in bitcoin user adoption.

On Wikipedia, Bitcoin Was the Ninth Most Visited Page for 2017

According to Wikipedia’s annual report on the 50 most visited pages on the website, bitcoin ranked ninth for 2017. The report describes bitcoin as “the much-hyped ‘future of money’”, adding that the world’s first cryptocurrency “has turned into the most speculative intangible asset of all time.” The report states that the page was visited 15,026,561 times during 2017.

Traffic for bitcoin’s Wikipedia page peaked on the 8th of December – when BTC experienced a dramatic retracement of approximately 20%, falling from the then all-time high of $17,171 USD on Bitfinex, before bouncing off the approximately $14,000 area. Despite bitcoin’s meteoric price performance during 2017, the Wikipedia report recognizes some of bitcoin’s shortcomings that emerged during the year – stating that bitcoin “prov[ed] totally unsuitable as a means of payment” due to the controversy surrounding the scaling issues that have plagued BTC throughout the year.

Google Searches for Bitcoin Reach Record Highs

The volume of Google searches conducted for prominent keywords pertaining to bitcoin has also shown dramatic growth – with the latest data from Google indicating that numerous major keyword groupings received between one million and ten million searches each month on average during 2017. The data indicates that monthly searches relating to the keywords ‘bitcoin price’ saw an increase of over 1,000% on average during January 2017 to December 2017 when compared with data from the previous year, whilst searches pertaining to ‘bitcoin chart’ increased by 934%, and searches for ‘bitcoin USD’ increased by more than 800%. Google estimates that each of the aforementioned keyword groupings received between 1 and 10 million searches on average each month during 2017 – a significant increase compared to the 100,000 to 1,000,000 monthly searches Google estimates were conducted during 2016.

A large number of dominant keyword groupings pertaining to bitcoin received between 100,000 and 1,000,000 searches monthly last year. Among those that experienced the highest growth when compared with 2016 were ‘current bitcoin’ – for which searches increased by 895.9%, ‘btc price’ – which increased by 828.5%, ‘sell bitcoins’ – gaining in volume by 626.5%, ‘bitcoin miner’ – up 590.6%, ‘btc rate’ – up 510.4%, ‘bitcoin calculator’ – up 471.2%, ‘bitcoin rate’ – up 461.4%, ‘buy bitcoin’ – up 273.5%, and ‘bitcoin trading’ – up 170.9%. Searches for ‘earn bitcoin’ increased by 74.6%. Several notable keywords also grew to receive between 10,000 and 100,000 searches last year, including ‘bitcoin market’ – which increased in search volume by 900%, ‘btc chart’ – searches for which grew by 826.2%, ‘currency bitcoin’ – with searches increasing by 826.1%, ‘purchase bitcoin’ – which increased by 752.5%, and ‘bitcoin account’ – increasing by 291.2%.

Curiously, some of the top keyword groupings that produced the least growth during 2017 included ‘bitcoin mining’ – searches for which grew by 33.6%, ‘bitcoin exchange’ – which grew by 17.5%, and ‘bitcoin wallet’ – which saw a meagre increase in search traffic of only 0.9%.